Troj/PDFJs-WT

By JubileeX in Trojans

Threat Scorecard

Ranking: 3,055
Threat Level: 20 % (Normal)
Infected Computers: 4,009
First Seen: April 6, 2012
Last Seen: September 20, 2023
OS(es) Affected: Windows

Corrupted PDF files can bypass the filters of many security programs (often ones that have not been updated) by taking advantage of various exploits in Acrobat Reader. Troj/PDFJs-WT refers to a kind of attack that uses a malicious PDF file whose malicious code is hidden by a filter. Because many computer users still regard PDF as a reliable, safe kind of file, Troj/PDFJs-WT attacks delivered through email spam and malicious links are more effective at reaching their victims than executable files or compressed archives. In a PDF, a filter alters data either to make it readable as text or to make the file smaller by compressing it. Criminals have found that stacking several layers of filtering in unconventional ways can obfuscate code well enough to bypass an anti-malware scanner, so the file still delivers its payload when the victim opens it.

How Troj/PDFJs-WT Attacks Use Filters to Hide Malicious Code

Some malicious PDF files use image filters to hide malicious payloads. Other filters that can be used in a Troj/PDFJs-WT attack include the CCITTFax filter, which in combination with the ASCIIHex filter obfuscated the malicious code enough to make it undetectable. In essence, the criminals applied several filters in succession, repeatedly using the ASCIIHex filter, to hide the malicious code. These filters have legitimate uses: they allow certain data to be displayed and read as text, or to be compatible with fax components. Criminals have found, however, that they can convert their malicious code into what looks to a security application like a harmless encoded stream.

However, once the filtered file is opened, it triggers an exploit that takes advantage of the CVE-2010-2883 vulnerability, which should be patched in the latest versions of Adobe Reader. Troj/PDFJs-WT attacks are just one more way criminals can use Adobe software to make computer users vulnerable. Because of this, ESG malware analysts strongly advise against downloading any PDF files from a dubious source, such as an unsolicited email or an illegal file-sharing service. It is also important to close any potential exploits by keeping your Adobe software fully updated with the latest patches.
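The layered filtering described above can be checked for on the defensive side by reading each stream's /Filter chain before any decoding is attempted. The following is an added example, not code from this page or from any vendor; the sample bytes are constructed, and the function names and the chain-length threshold of 2 are assumptions.

```python
import re

# Constructed sample: two stream dictionaries, not taken from a real file.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Length 12 /Filter /FlateDecode >>\nstream\n...\nendstream\nendobj\n"
    b"2 0 obj\n<< /Length 40 /Filter [ /ASCIIHexDecode /ASCII#48exDecode "
    b"/AHx /CCITTFaxDecode ] >>\nstream\n...\nendstream\nendobj\n"
)

# Abbreviated filter names defined by the PDF format for inline images.
ABBREVIATIONS = {"AHx": "ASCIIHexDecode", "A85": "ASCII85Decode", "Fl": "FlateDecode",
                 "LZW": "LZWDecode", "RL": "RunLengthDecode", "CCF": "CCITTFaxDecode",
                 "DCT": "DCTDecode"}

FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[^\s/<>\[\]()]+)")
NAME_RE = re.compile(rb"/([^\s/<>\[\]()]+)")

def normalise(name: bytes) -> str:
    """Decode #xx escapes in a PDF name and expand abbreviated filter names."""
    raw = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), name)
    decoded = raw.decode("latin-1")
    return ABBREVIATIONS.get(decoded, decoded)

def filter_chains(pdf: bytes):
    """Return the filter chain (list of names) of every /Filter entry found."""
    return [[normalise(n) for n in NAME_RE.findall(m.group(1))]
            for m in FILTER_RE.finditer(pdf)]

def assess(chain, max_len=2):
    """Return the reasons a chain looks like layered obfuscation (empty if none)."""
    reasons = []
    if len(chain) > max_len:          # assumed threshold, tune per environment
        reasons.append("long-chain")
    if len(set(chain)) < len(chain):  # same filter applied more than once
        reasons.append("repeated-filter")
    if {"ASCIIHexDecode", "CCITTFaxDecode"} <= set(chain):
        reasons.append("asciihex+ccittfax")
    return reasons

def scan(pdf: bytes):
    """Return (chain, reasons) for each suspicious chain in the file."""
    return [(c, r) for c in filter_chains(pdf) if (r := assess(c))]

if __name__ == "__main__":
    for chain, reasons in scan(SAMPLE_PDF):
        print(" -> ".join(chain), reasons)
```

The scan only sees /Filter entries written in plain text in the file; dictionaries stored inside compressed object streams need to be unpacked by a PDF parser first.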

URLs

Troj/PDFJs-WT may call the following URLs:

music-online.me
